mk_pos_nat :: nat ⇒ good_nat option mk_pos_nat n = (if good_nat n then Some (Abs_good_nat n) else None)

rel_fun (=) (rel_option pcr_good_nat) (λn. if good n then Some n else None) mk_good_nat Similarly, the function in my last email have the following relations: rel_fun (=) (list_all2 pcr_good_nat) my_complicated_computation my_complicated_computation' The actual generated code should of course be: mk_pos_nat n = (if good_nat n then Some (Abs_good_nat n) else None

Manuel On 14/10/2021 21:31, Manuel Eberl wrote:

Hello, I have a typedef of the form typedef good_nat = "{n::nat. good n}"and I have an executable function that produces a "nat list" where Ihave proven that all entries are good.How can I lift that to an *executable* function that produces a"good_nat list" instead?The way I see it, the usual approach of doing a "code abstype" andspecifying the code equation in terms of some projection out of the"type with invariant" to "type without invariant" doesn't work herebecause I have lists of these things.I do have a workaround involving a second typedef for intermediateresults, but it is very boilerplatey and I'd be happy to know if thereis something easier.See attachment for all the details. Thanks, Manuel

